From: Ralph de Boom <lkml@deboom.biz>
To: netfilter@vger.kernel.org
Subject: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
Date: Wed, 04 Nov 2009 01:49:16 +0100
Message-ID: <4AF0CF8C.7000602@deboom.biz>
Hi there,
Excuse me if this email might go wrong, it's my first message to a
mailing list.
But here's my problem: (And I hope you guys could shed light for me...)
I originally ran Debian Lenny on kernel 2.6.18.
Since today I reinstalled it to Ubuntu Server 9.10 with kernel 2.6.31.
Now I used to do this in lenny:
iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 81.4.97.0/24 -j MARK --set-mark 0x1
This would cause relevant packets to be marked 0x1, which in return I
had a 'ip rule':
My rules look like this:
ip rule show
0: from all lookup local
32760: from all fwmark 0x2 lookup upc
32761: from all fwmark 0x1 lookup xs4all
32762: from 192.168.1.XX lookup xs4all
32763: from 192.168.1.XX lookup upc
32764: from 24.132.104.XXX lookup upc
32765: from 192.168.2.XX lookup xs4all
32766: from all lookup main
32767: from all lookup default
And my 'xs4all' table looks like:
ip route show table xs4all
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.XX
default via 192.168.2.X dev eth0
I know the rule matches packets I make:
iptables -t mangle -v -L
Chain PREROUTING (policy ACCEPT 3111K packets, 1861M bytes)
 pkts bytes target  prot opt in   out  source          destination
   16  1100 MARK    all  --  any  any  192.168.1.0/24  ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
But somehow the connection is never relayed over the xs4all table...
The changes I've noticed compared to lenny:
iptables now likes to mark my --set-mark 0x1 as a --set-xmark 0x1/0xffffffff
whereas in lenny it would stay a --set-mark 0x1
Would be very pleased if someone could help me in this matter.
Greetings,
Ralph de Boom
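
How the MARK target and the fwmark rules described in this message combine, as an added example that is not part of the original post: it applies the mark arithmetic documented in the iptables man page for --set-mark and --set-xmark and walks a constructed `ip rule show` listing in priority order. The host addresses and the `has_route` argument (the tables assumed to hold a route for the destination) are assumptions.

```python
import ipaddress
import re

# Constructed `ip rule show` listing modelled on the post; the redacted
# source addresses are replaced by made-up hosts (assumption).
RULES = """\
0: from all lookup local
32760: from all fwmark 0x2 lookup upc
32761: from all fwmark 0x1 lookup xs4all
32762: from 192.168.1.10 lookup xs4all
32763: from 192.168.1.20 lookup upc
32766: from all lookup main
32767: from all lookup default
"""
RULE_RE = re.compile(r"(\d+):\s+from (\S+)(?: fwmark (\S+))? lookup (\S+)")
ALL = 0xffffffff

def set_xmark(mark, value, mask=ALL):
    """MARK --set-xmark value/mask: clear the mask bits, then XOR in value."""
    return ((mark & ~mask) ^ value) & ALL

def set_mark(mark, value, mask=ALL):
    """MARK --set-mark value/mask: clear the mask bits, then OR in value."""
    return ((mark & ~mask) | value) & ALL

def parse_rules(text):
    """Return (priority, source network or None, (mark, mask) or None, table)."""
    rules = []
    for m in map(RULE_RE.match, text.splitlines()):
        if not m:
            continue
        prio, src, fw, table = m.groups()
        net = None if src == "all" else ipaddress.ip_network(src)
        if fw:
            val, _, msk = fw.partition("/")
            fw = (int(val, 0), int(msk, 0) if msk else ALL)
        rules.append((int(prio), net, fw, table))
    return sorted(rules, key=lambda r: r[0])

def select_table(rules, src, mark, has_route):
    """First rule, by priority, that matches and whose table has a route."""
    addr = ipaddress.ip_address(src)
    for prio, net, fw, table in rules:
        if net is not None and addr not in net:
            continue
        if fw is not None and (mark ^ fw[0]) & fw[1]:
            continue
        if table in has_route:  # otherwise the lookup falls through
            return prio, table
    return None
```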